Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22832
Total
1629
Critical
7118
High
7284
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-29519 | HIGH | 8.2 | Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows … | Jul 10, 2026 |
| CVE-2026-22660 | HIGH | 7.2 | FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows authenticated administrators to delete all built-in authorization groups by exploiting a … | Jul 10, 2026 |
| CVE-2026-22659 | HIGH | 8.1 | FlaskBB through 2.2.0, fixed in commit acc88cf, contains an authorization bypass vulnerability that allows authenticated moderators to perform unauthorized actions on topics in forums they … | Jul 10, 2026 |
| CVE-2025-12127 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … | Jul 10, 2026 |
| CVE-2026-56813 | UNKNOWN | — | Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes. The Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds … | Jul 10, 2026 |
| CVE-2026-54470 | MEDIUM | 5.3 | Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access … | Jul 10, 2026 |
| CVE-2026-54469 | HIGH | 8.8 | Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit … | Jul 10, 2026 |
| CVE-2026-56814 | UNKNOWN | — | Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an … | Jul 10, 2026 |
| CVE-2026-56690 | HIGH | 8.5 | Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged … | Jul 10, 2026 |
| CVE-2026-56689 | HIGH | 7.7 | Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged … | Jul 10, 2026 |
| CVE-2026-56688 | CRITICAL | 9.1 | Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high … | Jul 10, 2026 |
| CVE-2026-54468 | MEDIUM | 6.5 | Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability … | Jul 10, 2026 |
| CVE-2026-53363 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags() iptfs_consume_frags() transfers paged fragments from one socket buffer … | Jul 10, 2026 |
| CVE-2026-58225 | UNKNOWN | — | SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing … | Jul 10, 2026 |
| CVE-2026-14461 | UNKNOWN | — | mtr is vulnerable to Out-of-bound read vulnerability in ipinfo_lookup() function. An attacker who can influence the TXT response used for AS lookups can trigger this … | Jul 10, 2026 |
| CVE-2026-9857 | MEDIUM | 4.3 | The Invoice123 plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.7.0. This is due to the plugin not … | Jul 10, 2026 |
| CVE-2026-41880 | UNKNOWN | — | R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition (OCR) module. Multiple command execution functions accept user-controllable file paths without proper … | Jul 10, 2026 |
| CVE-2026-41879 | UNKNOWN | — | R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this … | Jul 10, 2026 |
| CVE-2026-41878 | UNKNOWN | — | R-SOFT DMS is vulnerable to Insecure Direct Object Reference (IDOR) attack in multiple file download endpoints. The application fetches files from the database by ID … | Jul 10, 2026 |
| CVE-2026-41877 | UNKNOWN | — | R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file … | Jul 10, 2026 |
| CVE-2026-41876 | UNKNOWN | — | R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction() function. The document converter executes shell commands using unsanitized file paths and format parameters. This … | Jul 10, 2026 |
| CVE-2026-15378 | CRITICAL | 9.3 | A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a … | Jul 10, 2026 |
| CVE-2026-15028 | LOW | 3.9 | A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The … | Jul 10, 2026 |
| CVE-2026-13710 | MEDIUM | 6.4 | The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via … | Jul 10, 2026 |
| CVE-2026-13247 | MEDIUM | 6.4 | The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the … | Jul 10, 2026 |